Since 1991 RSA has sponsored a factoring challenge
[1] to encourage
research into the factoring of large numbers. It is the difficulty
of the factoring problem that underlies RSA encryption. The numbers
on RSA's challenge lists are of two types: "random" numbers that may
be easy or hard to factor, and numbers of the type that RSA might
use in devising secure cryptosystems, which are considered hard
to factor.

On 22 August an international group announced
[2] that they had
found the prime factors of the largest such "hard" number ever
cracked: RSA-155, a 155-digit (or 512-bit) number. The group was
led by Herman te Reile of CWI, a Dutch mathematics research
institute. Te Reile also led the effort to factor RSA-140, the previous
record-holding "hard number," which had been cracked last February.

Here are RSA-155 and its two 78-digit prime factors, as reported by
the research group.

Factoring RSA-155 required about 8000 MIPS-years and occupied, as
best I can figure
[3], just under half a year in calendar time.
(This makes sense if the team turned to RSA-155 as soon as they
had cracked RSA-140 last February.) As of this writing the
claimants have not yet been placed on the RSA Honor Roll list. Send a
blank email to challenge-rsa-honor-roll@rsa.com to receive this
list.

By far the most time-consuming step in the factoring job was
sieving. It is this step that Shamir's TWINKLE
[4] would greatly
speed up.

For the first time a federal appeals court has ruled
[5] that
corporations can't always prevent others from registering domain names
that happen to coincide with their brand names. This ruling marks a
redress that many feel is overdue. Too bad the case in question is
so cloudy. I noted the affair of FreeView Listings vs. Avery
Dennison in the article Squammers[6] last February. The lower court
called FreeView's founder a domain squatter. This is not the
clearcut case I would wish to see of a large corporation harassing an
individual who has a legitimate reason to use a domain name.

The appeals court's ruling turned on the breadth of recognition for
Avery Dennison's trademark. It prompted one of the lawyers involved
to muse, ad absurdam, that if this ruling holds then only Coca-Cola
and McDonalds might enjoy trademark protection on the Web.

Thanks to Kenneth Adelman <adelman at adelman dot com> for pointing
out this story.

Much of the acrimony of the previous Berlin meeting
[7] seemed to be
absent at Santiago. ICANN held its decision-making meeting in full
public view (for that fraction of the public that had managed to
travel to Chile, anyway); only some advisory committee meetings were
closed. ICANN's interim chair, Esther Dyson, participated in an
online chat session from one of those closed meetings. Its transcript
[8] provides a welcome human sidelight, typos and all, to the august
proceedings.

This ICANN page
[9] provides a bare listing of all of the
resolutions acted upon at Santiago. Today's NY Times coverage
[10] (free
registration and cookies required) stresses the persistent complaint
that ICANN's process to date has taken most of its input from large
commercial organizations and governments, to the exclusion of
not-for-profit entities and individual Netizens.

At Santiago ICANN initiated the process of gathering a broad-based,
representative membership of at least 5,000 individuals, which will
elect half of ICANN's board members next year.

ICANN's other significant action was to approve draft rules to limit
cyber-squatting. In conciliation to individual domain-name owners,
ICANN directed a sub-panel to add new language protecting individuals
and others from losing legitimately registered domain names to large
companies.

Each time the Clinton administration asks a panel of experts to go
off and ponder directions for cryptography export policy, they
tend to come back with a recommendation to relax the rules. This
time it was the President's Export Council Subcommittee on
Encryption advising that the administration back off restrictions of
hardware and software exports to friendly countries
[11]. The panel's
report, called Liberalization 2000[12], also recommends that
industries building critical infrastructure, such as power, water, and
telecomms, be allowed free use of unbreakable encryption. Given the
recent evidence of administration sentiment -- the FIDNET
[13] and
CESA
[14] proposals -- I wouldn't count on seeing even these modest
and sensible recommendations implemented.

Note added 1999-09-02:
The full text of the Liberalization 2000 report is available on
John Young's Crypome [14a].

This ZDnet story
[15], commented upon at Slashdot
[16], warns of
upcoming strife and turf battles in corporate IT departments as
Windows 2000 is introduced. The reason is that W2K supports Dynamic DNS
(DDNS) for name resolution in its Active Directory service, not the
static DNS offered by many Unix systems. The ZDnet coverage errs by
implying that DDNS is not even implemented, let alone in service, on
Unix systems -- in fact many Unices, including Linux, support stable
and tested DDNS implementations. ZDnet's prophesied battle looms
because once W2K systems are added to the mix in IT shops, then W2K
will demand to be the root of the naming service, displacing Unix.
The ZDnet reporter talked to sources at a large aerospace shop --
unnamed, but fingered in the Slashdot discussion as Boeing -- at
which Unix and Windows administration functions are performed by
separate groups. One Slashdot poster points out that in a
rationally run organization, with jobs defined by function and not by
operating system, no conflict would occur. As a final coda to the ZDnet
story, a poster opines that any article covering Windows 2000 and
featuring a link at the bottom for "Windows 2000 prices," as this
one does, isn't journalism -- it's an infomercial.

Richard Smith, prolific spotter and exposer of security holes, has
posted a simple page
[17] listing many of the recently discovered
ways that bad guys can do you in using ActiveX controls and Outlook
on your Win98 system. Last week Smith demonstrated the problems at
the 8th Usenix Security Conference
[18]. Microsoft has developed
fixes for most of the holes and rolled them forward into Windows
2000 development, but there are millions of vulnerable systems on
desktops worldwide. Most of their owners will never download and
apply the security fixes.

A 36K download will allow US users of Netscape's international
(crippled) encryption to upgrade their browsers for 128-bit
security
[19]. This is a fine idea and long overdue -- previously,
effecting this security upgrade from Netscape required a 12-MB download.
But Netscape has made the tiny upgrade available only through their
SmartUpdate package as far as I can see -- you can't download the
upgrade as a standalone file. Before visiting this page
[20] you must
enable Java, cookies, and SmartUpdate. I was unwilling to try this
as I already have 128-bit encryption in Communicator 4.6 and don't
trust SmartUpgrade not to mess things up. But that's just me; go
ahead and try it. You'll need to attest to US citizenship or
permanent residency. Anyone who does the upgrade, please write to me
about the experience.

Alan Braggins <armb at ncipher dot com> wrote to remind me that a
year and a half ago TBTF covered
[21]Fortify[22], an
internationally available alternative for upgrading international Netscape for
strong crypto.

If you happen to be a US Citizen, and you are working
overseas, you will have a hell of a problem updating your
browser. When SmartUpdate starts, it checks the registered
name of your IP address, and if that name does not end with
.com, .net, edu (i.e. anything that is not US) you are not
even allowed to ID yourself as a US citizen. This is also true
if your IP address does not resolve to a name.

The accelerating rate at which the US patent office has been
granting patents for software algorithms and, lately, business
methods has recently caught the attention of the mainstream press.
(TBTF readers have been hearing about this issue for four years.)
This CNN coverage
[23] plows the now-familiar ground neatly. This
report in the Linux Journal
[24] stresses the danger such a
carpet-bombing of dubious patents could cause for open source development
projects. The Linux Journal article also features an excellent set
of links for further reading on the subject. See especially this
report
[25] by longtime PTO critic Greg Aharonian of software
patents issued in 1998, and historically.

In July 1999, software pioneer Dan Bricklin released
[26] a 1981
version of VisiCalc, the seminal spreadsheet he co-invented, for
free download from the Web. (It's 27K!) Bricklin's action initiated
an ongoing parade of releases of classic software by the luminaries
of the early history of software development. I've posted a summary
[27] of these releases with URLs where you can pick up these software
artifacts. The latest classic to become publicly available is Xanadu
[28], Ted Nelson's near-mythic attempt to create a globe-spanning
system of hypertexts. The Xanadu code, which had never been seen
before outside the circle of its developers, has now been released
in an open-source format. But the Xanadu release seems to be
considerably rougher than the open source state-of-the-art: one early
downloader, Lindsay Marshall, commented succinctly in his Web log
[29]: "Nothing works, no documentation."

Note added 1999-09-03:
Ka-Ping Yee <ping at lfw dot org> wrote to chastise me, in the
nicest possible way, for seemingly dismissing Udanax by running Lindsay
Marshall's comment, above. This certainly wasn't my intent. Anyone
with an interest in hypertext should download the Udanax distributions
and explore them with an open mind. Yee writes:

The Xanadu server code is indeed old and hard to understand,
but it does actually run and there's lots of interesting stuff
to learn from these algorithms.

Today's distribution builds on SunOS, OpenBSD, Alpha, and Irix
as well as Linux. I have no fantasies that the code as it
stands will turn into a major application, but I think there
was some really good work done here -- remember that some very
smart people spent many years designing this thing and solving
very hard technical problems.

Jargon Scout
[30] is an irregular TBTF feature that aims to give you
advance warning -- preferably before Wired Magazine picks it up --
of jargon that is just about ready to hatch into the Net's language.
Our latest offerings:

Blog: 1.) n.A Web log. 2.) vi.To run a Web log.

First spotted on the Eatonweb[31] blog, er, Web log on 1999-08-25,
though Eatonweb's proprietor Brigitte says the coinage is due to
our very own TBTF Irregular Peter Merholz <peterme at peterme dot
com>
[32]. Seems he decided one fine day that "Web log" ought to be
pronounced "wee-blog." Here is Peterme's recollection of the coinage:

My "wee-blog" announcement has been on my page for a while. I
don't know when I coined it, but this attribution
[33] dates
it to before May 23, 1999. It got contracted to "blog" after
that in email to and from friends.

The verb to blog seems to me to be intransitive. That is, Brigitte
doesn't blog eatonweb, she simply blogs. A Web tool has arisen to
aid in the endeavors of wannabe bloggers; it is, of course,
blogger.com[34].

Vortal: n.A vertical portal.

Portals have been the biggest rage since push (remember push?),
starting in the consumer space as Yahoo broadened its search
engine into an Internet destination and gateway, and everybody from
MSN to the Grace L. Ferguson Airline (And Storm Door Company)
declared that they were a portal, too. Except, as usual on the Net,
no-one could figure out how to make money from them. Vertical
portals emerged early this year as destination sites for specialized
communities -- e.g., buyers of scientific supplies -- spread out
to include other content of interest to their target audiences.
Vortals make sense: it's not hard to explain how they help the
bottom line. Then there are intranet enterprise portals, but we
won't go there.

Note added 1999-09-02:
Jeremy Schutte <jeremys at eggrock dot com> writes to note that
the term was used in the 6/26/99 Economist Survey of Business and the Internet,
in the piece The Rise of the Infomediary. "Vortal" was a reference to
Adauction.com's relaunch.

This site
[36] features reviews of books, movies, and music appealing
to technology's rejectors. Any competent marketer must ask: what
were they thinking in choosing the Web as a medium to reach this
particular niche? The site is not without humor. Its visitor counter is
stuck on 404 and links to the 404 Research Lab[37]. TLR is a
production of Fairhill & Company, an "information technology and historic
preservation consulting firm" [sic] located in Denver, CO. Thanks to
alert reader <jtmcc att uswest dot net> for the cite.

Aibo, the robot dog from Japan
[38], is beginning to penetrate
Western cultural consciousness.
Bergdorf Goodman seems to have bought
itself one of the 2000 Aibos that were sold in the US (at $2250
retail), or perhaps its ad agency did. A TBTF Irregular and
self-described boutique guerrilla spotted Aibo in Bergdorf ads for
high-end women's clothing, by three different designers, in three
different fashion magazines. In one the model holds the robot dog on
one arm; in another the robot romps at her feet.

Here is a review
[39] by John Wharton
<jwharton at netcom dot com>,
an early Aibo adopter [sic]. It was carried on Dave Farber's
interesting People list. Wharton is struck by (what he takes to be)
Japanese attitudes toward pets showing through in the product and its
documentation; he finds the cultural contrast jarring.

Last word
[40]
on Aibo goes to James "Kibo" Parry
<kibo at world dot std dot com>, who was a net.god before you were born. This posting
appeared last April on alt.religion.kibology (natch).

: >The gleaming metallic puppy-sized robot is named Aibo,

: AAAAA...AAAII...IIIIIEEE...EEEE!!!! [my elision: kd]

: > the Japanese word for partner. The first two letters of the
: > name also refer to "artificial intelligence."

Notes

Yes, I read
all about Amazon.com's Purchase Circles brouhaha, thanks.
Didn't think it was all that significant.

The Grace L. Ferguson Airline (And Storm Door Company) was an
early
invention of the comedian Bob Newhart[41]. His routine
[42] is
prescient. Penned decades before US airline deregulation, it
perfectly captures the mean-spiritedness and the sheer terror of budget
air travel. Captain: "Have any of you passengers ever been to Hawaii
before? You have, sir? It's kind of... kidney-shaped, isn't it?"